[ovirt-users] Newly deployed ovirt instance can not start a VM
Hello everyone! I just finished setting up our new demo Ovirt implementation, but am having some issues once I get to the point of starting up a VM. Every time we try to start a VM, we get the error: The host {hostname} did not satisfy internal filter Network because network(s) are missing. This is trying to launch vm with the Cirros image from the OVirt glance repository. This is confusing, because we only have one network defined (the "ovirtmgmt" network), and each of our 4 nodes shows it attached and indicated as functional. Our nodes are all CentOS 6.6 installations, with the ovirtmgmt bridge bound to eth2. If I go to Networks/ovirtmgmt under my datacenter, and click on the Networks tab at the top, select the ovirtmgmt network, and Hosts tab at the bottom, it shows that ovirtmgmt network is up on all 4 nodes. Even if I tell the VM to not attach itself to any networks at all, the machine fails to start with the same error. Have done a lot of google searching to no avail. We're also worried we did not get our gluster storage network set up right. We added the Storage Domain as type Data (Master)/GlusterFS, but it looks like Ovirt is using Fuse rather than the new libgfapi functionality - since we can see the gluster mounted /rhev/data-center/mnt/glusterSD/ with fuse.glusterfs, which would indicate we are not using the native Gluster integration. However, the latest info I can find seems to indicate that the gluster integration should be working in latest CentOS builds. Thanks for any help anyone can give me! The boss wants this demo sooner rather than later! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Local storage with self-hosted mode
Is there any way to use local storage with self-hosted mode for VMs other than the engine? The interface does not seem to allow it. I can hack in local storage on vdsm, but its not discovered/used by the engine (so i assume this is because it keeps its own metadata). I tried using a posix domain but there seems to be an expectation that the posix domain is accessible to all other hosts. My use case is 2 physical servers with no shared storage options, and we need fast I/O since the VMs are used for CI, so local storage is the ideal setup. -Jason ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Don't start vm
On 12/05/2014 02:55 PM, Roman Nikolayevich Drovalev wrote: Hi, Please Help I normal stop my virtual mashine. But not start ! in the logs 2014-12-05 09:38:06,437 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-87) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM Cent is down with error. Exit message: ('Failed to get size for volume %s', u'fb8466c9-0867-4e73-8362-2c95eea89a83'). 2014-12-05 09:38:06,439 INFO [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) Running on vds during rerun failed vm: null 2014-12-05 09:38:06,447 INFO [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) VM Cent (d1ccb04d-bda8-42a2-bab6-7def2f8b2a00) is running in db and not running in VDS x3550m2down 2014-12-05 09:38:06,475 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) Rerun vm d1ccb04d-bda8-42a2-bab6-7def2f8b2a00. Called from vds x3550m2down 2014-12-05 09:38:06,482 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-16) Correlation ID: 2f3d1469, Job ID: 86d62fc3-f2d3-48f1-a5b3-d2abd0f84d6c, Call Stack: null, Custom Event ID: -1, Message: Failed to run VM Cent on Host x3550m2down 2014-12-05 09:38:06,486 INFO [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) Lock Acquired to object EngineLock [exclusiveLocks= key: d1ccb04d-bda8-42a2-bab6-7def2f8b2a00 value: VM , sharedLocks= ] 2014-12-05 09:38:06,504 INFO [org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (org.ovirt.thread.pool-8-thread-16) START, IsVmDuringInitiatingVDSCommand( vmId = d1ccb04d-bda8-42a2-bab6-7def2f8b2a00), log id: 2e257f81 2014-12-05 09:38:06,505 INFO [org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (org.ovirt.thread.pool-8-thread-16) FINISH, IsVmDuringInitiatingVDSCommand, return: false, log id: 2e257f81 2014-12-05 09:38:06,509 WARN [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) CanDoAction of action RunVm failed. Reasons:VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,SCHEDULING_NO_HOSTS 2014-12-05 09:38:06,510 INFO [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) Lock freed to object EngineLock [exclusiveLocks= key: d1ccb04d-bda8-42a2-bab6-7def2f8b2a00 value: VM , sharedLocks= ] 2014-12-05 09:38:06,539 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-16) Correlation ID: 2f3d1469, Job ID: 86d62fc3-f2d3-48f1-a5b3-d2abd0f84d6c, Call Stack: null, Custom Event ID: -1, Message: Failed to run VM Cent (User: admin). 2014-12-05 09:38:06,548 INFO [org.ovirt.engine.core.bll.ProcessDownVmCommand] (org.ovirt.thread.pool-8-thread-27) [58fe3e35] Running command: ProcessDownVmCommand internal: true. What me do? Hi Roman, Could you please share from hypervisor the /var/log/vdsm/vdsm.log too? -- Cheers Douglas ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Don't start vm
Hi, Please Help I normal stop my virtual mashine. But not start ! in the logs 2014-12-05 09:38:06,437 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-87) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: VM Cent is down with error. Exit message: ('Failed to get size for volume %s', u'fb8466c9-0867-4e73-8362-2c95eea89a83'). 2014-12-05 09:38:06,439 INFO [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) Running on vds during rerun failed vm: null 2014-12-05 09:38:06,447 INFO [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) VM Cent (d1ccb04d-bda8-42a2-bab6-7def2f8b2a00) is running in db and not running in VDS x3550m2down 2014-12-05 09:38:06,475 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-87) Rerun vm d1ccb04d-bda8-42a2-bab6-7def2f8b2a00. Called from vds x3550m2down 2014-12-05 09:38:06,482 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-16) Correlation ID: 2f3d1469, Job ID: 86d62fc3-f2d3-48f1-a5b3-d2abd0f84d6c, Call Stack: null, Custom Event ID: -1, Message: Failed to run VM Cent on Host x3550m2down 2014-12-05 09:38:06,486 INFO [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) Lock Acquired to object EngineLock [exclusiveLocks= key: d1ccb04d-bda8-42a2-bab6-7def2f8b2a00 value: VM , sharedLocks= ] 2014-12-05 09:38:06,504 INFO [org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (org.ovirt.thread.pool-8-thread-16) START, IsVmDuringInitiatingVDSCommand( vmId = d1ccb04d-bda8-42a2-bab6-7def2f8b2a00), log id: 2e257f81 2014-12-05 09:38:06,505 INFO [org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (org.ovirt.thread.pool-8-thread-16) FINISH, IsVmDuringInitiatingVDSCommand, return: false, log id: 2e257f81 2014-12-05 09:38:06,509 WARN [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) CanDoAction of action RunVm failed. Reasons:VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,VAR__ACTION__RUN,VAR__TYPE__VM,SCHEDULING_NO_HOSTS 2014-12-05 09:38:06,510 INFO [org.ovirt.engine.core.bll.RunVmCommand] (org.ovirt.thread.pool-8-thread-16) Lock freed to object EngineLock [exclusiveLocks= key: d1ccb04d-bda8-42a2-bab6-7def2f8b2a00 value: VM , sharedLocks= ] 2014-12-05 09:38:06,539 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-16) Correlation ID: 2f3d1469, Job ID: 86d62fc3-f2d3-48f1-a5b3-d2abd0f84d6c, Call Stack: null, Custom Event ID: -1, Message: Failed to run VM Cent (User: admin). 2014-12-05 09:38:06,548 INFO [org.ovirt.engine.core.bll.ProcessDownVmCommand] (org.ovirt.thread.pool-8-thread-27) [58fe3e35] Running command: ProcessDownVmCommand internal: true. What me do? Roman___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Gluster-users] Gluster command [] failed on server...
Can you replace 'Before=network-online.target' with 'Wants=network-online.target' and try the boot again? This should force the network to be online before starting GlusterD. If even that fails, you could try adding an entry into /etc/hosts with the hostname of the system. This should prevent any more failures. I still don't believe it's a problem with Gluster. Gluster uses apis provided by the system to perform name resolution. These definitely work correctly because you can start GlusterD later. Since the resolution failure only happens during boot, it points to system or network setup issues during boot. To me it seems like the network isn't completely setup at that point of time. ~kaushal On Fri, Dec 5, 2014 at 12:47 PM, Punit Dambiwal wrote: > Hi Kaushal, > > It seems it's bug in glusterfs 3.6even i manage my systemd to start the > network service before glusterd...but it's still fail... > > --- > [Unit] > Description=GlusterFS, a clustered file-system server > After=network.target rpcbind.service > Before=network-online.target > > [Service] > Type=forking > PIDFile=/var/run/glusterd.pid > LimitNOFILE=65536 > ExecStartPre=/etc/rc.d/init.d/network start > ExecStart=/usr/sbin/glusterd -p /var/run/glusterd.pid > KillMode=process > > [Install] > WantedBy=multi-user.target > > > Thanks, > Punit > > On Wed, Dec 3, 2014 at 8:56 PM, Kaushal M wrote: >> >> I just remembered this. >> >> There was another user having a similar issue of GlusterD failing to >> start on the mailing list a while back. The cause of his problem was >> the way his network was brought up. >> IIRC, he was using a static network configuration. The problem >> vanished when he began using dhcp. Or it might have been he was using >> dhcp.service and it got solved after switching to NetworkManager. >> >> This could be one more thing you could look at. >> >> I'll try to find the mail thread to see if it was the same problem as you. >> >> ~kaushal >> >> On Wed, Dec 3, 2014 at 6:22 PM, Kaushal M wrote: >> > I don't know much about how the network target is brought up in >> > CentOS7, but I'll try as much as I can. >> > >> > It seems to me that, after the network has been brought up and by the >> > time GlusterD is started, >> > a. The machine hasn't yet recieved it's hostname, or >> > b. It hasn't yet registered with the name server. >> > >> > This is causing name resolution failures. >> > >> > I don't know if the network target could come up without the machine >> > getting its hostname, so I'm pretty sure it's not a. >> > >> > So it seems to be b. But these kind of signing in happens only in DDNS >> > systems, which doesn't seem to be the case for you. >> > >> > Both of these reasons might be wrong (most likely wrong). You'd do >> > good if you could ask for help from someone with more experience in >> > systemd + networking. >> > >> > ~kaushal >> > >> > On Wed, Dec 3, 2014 at 10:54 AM, Punit Dambiwal >> > wrote: >> >> Hi Kaushal, >> >> >> >> This is the host...which i rebooted...would you mind to let me know how >> >> i >> >> can make the glusterd sevice come up after network...i am using >> >> centos7...if >> >> network is the issue... >> >> >> >> On Wed, Dec 3, 2014 at 11:54 AM, Kaushal M wrote: >> >>> >> >>> This peer cannot be identified. >> >>> >> >>> " [2014-12-03 02:29:25.998153] D >> >>> [glusterd-peer-utils.c:121:glusterd_peerinfo_find_by_hostname] >> >>> 0-management: >> >>> Unable to find friend: cpu05.zne01.hkg1.ovt.36stack.com" >> >>> >> >>> I don't know why this address is not being resolved during boot time. >> >>> If >> >>> this is a valid peer, the the only reason I can think of this that the >> >>> network is not up. >> >>> >> >>> If you had previously detached the peer forcefully, the that could >> >>> have >> >>> left stale entries in some volumes. In this case as well, GlusterD >> >>> will fail >> >>> to identify the peer. >> >>> >> >>> Do either of these reasons seem a possibility to you? >> >>> >> >>> On Dec 3, 2014 8:07 AM, "Punit Dambiwal" wrote: >> >> Hi Kaushal, >> >> Please find the logs here :- http://ur1.ca/iyoe5 and >> http://ur1.ca/iyoed >> >> On Tue, Dec 2, 2014 at 10:43 PM, Kaushal M >> wrote: >> > >> > Hey Punit, >> > In the logs you've provided, GlusterD appears to be running >> > correctly. >> > Could you provide the logs for the time period when GlusterD >> > attempts to >> > start but fails. >> > >> > ~kaushal >> > >> > On Dec 2, 2014 8:03 PM, "Punit Dambiwal" wrote: >> >> >> >> Hi Kaushal, >> >> >> >> Please find the logs here :- http://ur1.ca/iyhs5 and >> >> http://ur1.ca/iyhue >> >> >> >> Thanks, >> >> punit >> >> >> >> >> >> On Tue, Dec 2, 2014 at 12:00 PM, Kaushal M >> >> wrote: >> >>> >> >>> Hey Punit, >> >>> Could you start Glusterd in debug mode and provide the logs here? >> >>> To start it in debug mode,
[ovirt-users] oVirt Weekly Sync Meeting MInutes: Dec. 3, 2014
(That awkward moment when you realize you didn't send out the minutes of the last meeting...) Even though this is late, PLEASE TAKE NOTE, there are action items from this meeting, all about making sure every team has their feature "wish list" up on the 3.6 feature list at http://goo.gl/9X3G49 If your team's features are not represented on this Google spreadsheet, then you need to fill this out. Scheduling needs to get done, and we need to determine what will be in 3.6 and what will be held for the magical 4.0 release. Thanks, and apologies for the delay! = #ovirt: oVirt Weekly Sync = Meeting started by bkp at 15:01:02 UTC. The full logs are available at http://ovirt.org/meetings/ovirt/2014/ovirt.2014-12-03-15.01.log.html . Meeting summary --- * Agenda and Roll Call (bkp, 15:01:34) * infra update (bkp, 15:01:34) * 3.5.z updates (bkp, 15:01:34) * 3.6.0 status (bkp, 15:01:34) * conferences and workshops (bkp, 15:01:34) * other topics (bkp, 15:01:36) * infra update (bkp, 15:05:05) * infra update Still working hard on ensuring full ILO access for PHX lab servers, currently at high priority with the local admins there (bkp, 15:16:56) * infra update dcaro has done massive work on stabilization, mostly migrating vdsm unit tests and other jobs to mock (bkp, 15:17:00) * infra update Fedora 21 jobs disabled due to multiple errors on various jobs, will re-enable once verified by maintainers they pass sanity (bkp, 15:17:03) * infra update Considering using mom for optimizing memory usage on hypervisors in phx lab (bkp, 15:17:06) * infra update oVirt hosted engine on phx lab upgraded to latest 3.5 (bkp, 15:17:09) * infra update MiniDell mini-lab decommisioned after Rackspace and now we're only using VMs on phx lab (bkp, 15:17:11) * infra update PHX lab docs first draft at: http://www.ovirt.org/Infra/Phoenix_Lab_Overview (doc is merged as code here: http://gerrit.ovirt.org/#/c/34984/) (bkp, 15:17:14) * infra update Some Jenkins plugins also updated (bkp, 15:17:17) * infra update Now that there is space available, resources.ovirt.org should be able to be migrated to PHX, thus eliminating storage issues (bkp, 15:17:20) * 3.5.z updates (bkp, 15:18:15) * 3.5.z updates Full update at http://lists.ovirt.org/pipermail/users/2014-December/029700.html (bkp, 15:24:39) * 3.5.z updates 3.5.1 RC postponed another week due to blockers (still one in NEW) (bkp, 15:24:42) * 3.5.z updates ETA for blocker (1160846): In progress, unknown at this time. Hopefully next week. (bkp, 15:24:45) * 3.5.z updates Still ~40 bugs targeted to 3.5.1 that will be re-targeted to 3.5.2 (or 3.6 based on assignee preference) upon 3.5.1 release (bkp, 15:24:48) * 3.6 status (bkp, 15:25:16) * 3.6.0 status Full update at http://lists.ovirt.org/pipermail/users/2014-December/029702.html (bkp, 15:42:51) * 3.6.0 status Not much progress in features gathering. Only integration, network, and Gluster have added features. #info 3.6.0 status Bug count climbing as 3.5.1 bugs get reassigned to 3.6. (bkp, 15:42:54) * 3.6.0 status Still no schedule for the release but I guess it's better to see at next week's sync with the feature doc filled (bkp, 15:42:58) * ACTION: 3.6.0 mskrivanek_away needs to add new features for virt to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:01) * ACTION: 3.6.0 amureini tal need to add new features for storage to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:04) * ACTION: 3.6.0 ybronheim ykaplan need to add new features for infra to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:07) * ACTION: 3.6.0 fabiand needs to add new features for node to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:10) * ACTION: 3.6.0 awels needs to add new features for ux to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:13) * ACTION: 3.6.0 doron_afk msivak gchaplik rgolan1 need to add new features for ux to 3.6 new feature sheet http://goo.gl/9X3G49 (bkp, 15:43:16) * conferences and workshops (bkp, 15:43:23) * other topics (bkp, 15:45:23) * other topics sbonazzo started the process of joining the CentOS Virt SIG http://lists.centos.org/pipermail/centos-virt/2014-December/004173.html (bkp, 15:47:05) * other topics bkp working on fixing up slides for oVirt intro sessions, and then will dive into recordings of demos for YouTube, Google Hangouts, booth sessions (bkp, 15:47:08) * other topics bkp working with Shaun McCance to develop documentation strategy for 2015. Will need to coordinate with docs team within community. (bkp, 15:47:17) * other topics danken mentioned this program: https://developers.google.com/open-source/gci/resources/downloads/GoogleCode-in2014Flyer-orgs.pdf. maybe next year oVirt
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hi! I tested the configuration and it worked properly. - Original Message - > From: "Juan Jose" > To: "Alon Bar-Lev" > Cc: "Ondra Machacek" , "Yair Zaslavsky" > , users@ovirt.org > Sent: Friday, December 5, 2014 1:10:06 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Alon, > > I have deleted Legacy domain with engine-manage-domain, and I have changed > configuration to absolute file name as you can see: > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > ovirt.engine.extension.name = siee-local-authn > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn > ovirt.engine.aaa.authn.profile.name = siee > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties Please move this file to /etc/ovirt-engine/aaa/siee.properties, it should not reside within the extensions.d > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > ovirt.engine.extension.name = siee-local-authz > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties Same. > > I had configured relative file name because the example > /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties > has a relative file name. Yes, as I wrote, this relative is coming int 3.5.1. > I have done the same: delete engine.log, restart ovirt-engine and try log > in and the same error is showed, "General command validation failure." Please first refer the startup errors, there is no much sense to try login if startup fails... :) In your case: 2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null Which is as if something missing. I took your configuration as-is and it does work, in the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be, please perform this change and modify the file locations within extension properties file. I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs. Update: /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in Make sure handle level name is ALL for ENGINE, if not set like I am unsure if in 3.5.0 this was the case: --- --- Add the following before the line: --- --- Restart the engine and send the engine.log, this way I can see what happening during initialization. Thanks for checking it out, hopefully something trivial is missing, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l230 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
We will also need log of the generic ldap extensin, can you please provide it? Thanks! - Original Message - > From: "Juan Jose" > To: "Alon Bar-Lev" > Cc: "Ondra Machacek" , "Yair Zaslavsky" > , users@ovirt.org > Sent: Friday, December 5, 2014 1:10:06 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Alon, > > I have deleted Legacy domain with engine-manage-domain, and I have changed > configuration to absolute file name as you can see: > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > ovirt.engine.extension.name = siee-local-authn > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn > ovirt.engine.aaa.authn.profile.name = siee > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > ovirt.engine.extension.name = siee-local-authz > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties > > I had configured relative file name because the example > /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties > has a relative file name. > > I have done the same: delete engine.log, restart ovirt-engine and try log > in and the same error is showed, "General command validation failure." > > Attach engine.log file. > > Thanks, > > Juanjo. > > > On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev wrote: > > > > > Hi! > > > > You have the following errors: > > > > 2014-12-05 09:32:31,778 INFO > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > > thread 1-5) Loading extension 'siee-local-authn' > > 2014-12-05 09:32:31,819 ERROR > > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > > service thread 1-5) Could not load extension based on configuration file > > '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check > > the configuration file is valid. Exception message is: Error loading > > extension 'siee-local-authn': /aaa/siee.properties (No such file or > > directory) > > 2014-12-05 09:32:31,823 INFO > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > > thread 1-5) Loading extension 'siee-local-authz' > > 2014-12-05 09:32:31,824 ERROR > > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > > service thread 1-5) Could not load extension based on configuration file > > '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check > > the configuration file is valid. Exception message is: Error loading > > extension 'siee-local-authz': /aaa/siee.properties (No such file or > > directory) > > > > Per my last message, you should provide absolute file names if you use > > 3.5.0. > > Please see inline comments bellow. > > > > Also, you are trying to authenticate with the legacy provider: > > > > 2014-12-05 09:33:04,871 ERROR > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] > > (ajp--127.0.0.1-8702-5) Failed ldap search server > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > Authentication Failed. Please verify the username and password.. We should > > not try the next server > > > > Can you please use engine-manage-domains to remove the legacy (old) > > domain, so we reduce confusion? > > > > Thanks! > > > > - Original Message - > > > From: "Juan Jose" > > > To: "Alon Bar-Lev" > > > Cc: "Ondra Machacek" , "Yair Zaslavsky" < > > yzasl...@redhat.com>, users@ovirt.org > > > Sent: Friday, December 5, 2014 10:43:01 AM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Hello Alon, > > > > > > I have done what you have said. My new configuration files are: > > > > > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > > > > > ovirt.engine.extension.name = siee-local-authn > > > ovirt.engine.extension.bindings.method = jbossmodule > > > ovirt.engine.extension.binding.jbossmodule.module = > > > org.ovirt.engine-extensions.aaa.ldap > > > ovirt.engine.extension.binding.jbossmodule.class = > > > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > > ovirt.engine.extension.provides = > > org.ovirt.engine.api.extensions.aaa.Authn > > > ovirt.engine.aaa.authn.profile.name = siee > > > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > >
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon, I have deleted Legacy domain with engine-manage-domain, and I have changed configuration to absolute file name as you can see: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties /etc/ovirt-engine/extensions.d/siee-local-authz.properties: ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name. I have done the same: delete engine.log, restart ovirt-engine and try log in and the same error is showed, "General command validation failure." Attach engine.log file. Thanks, Juanjo. On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev wrote: > > Hi! > > You have the following errors: > > 2014-12-05 09:32:31,778 INFO > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > thread 1-5) Loading extension 'siee-local-authn' > 2014-12-05 09:32:31,819 ERROR > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > service thread 1-5) Could not load extension based on configuration file > '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check > the configuration file is valid. Exception message is: Error loading > extension 'siee-local-authn': /aaa/siee.properties (No such file or > directory) > 2014-12-05 09:32:31,823 INFO > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > thread 1-5) Loading extension 'siee-local-authz' > 2014-12-05 09:32:31,824 ERROR > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > service thread 1-5) Could not load extension based on configuration file > '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check > the configuration file is valid. Exception message is: Error loading > extension 'siee-local-authz': /aaa/siee.properties (No such file or > directory) > > Per my last message, you should provide absolute file names if you use > 3.5.0. > Please see inline comments bellow. > > Also, you are trying to authenticate with the legacy provider: > > 2014-12-05 09:33:04,871 ERROR > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] > (ajp--127.0.0.1-8702-5) Failed ldap search server > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > Authentication Failed. Please verify the username and password.. We should > not try the next server > > Can you please use engine-manage-domains to remove the legacy (old) > domain, so we reduce confusion? > > Thanks! > > - Original Message - > > From: "Juan Jose" > > To: "Alon Bar-Lev" > > Cc: "Ondra Machacek" , "Yair Zaslavsky" < > yzasl...@redhat.com>, users@ovirt.org > > Sent: Friday, December 5, 2014 10:43:01 AM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Hello Alon, > > > > I have done what you have said. My new configuration files are: > > > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > > > ovirt.engine.extension.name = siee-local-authn > > ovirt.engine.extension.bindings.method = jbossmodule > > ovirt.engine.extension.binding.jbossmodule.module = > > org.ovirt.engine-extensions.aaa.ldap > > ovirt.engine.extension.binding.jbossmodule.class = > > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > ovirt.engine.extension.provides = > org.ovirt.engine.api.extensions.aaa.Authn > > ovirt.engine.aaa.authn.profile.name = siee > > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > > config.profile.file.1 = aaa/siee.properties > > should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or > can be ../aaa/siee.properties in 3.5.1. > > > > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > > > ovirt.engine.extension.name = siee-local-authz > > ovirt.engine.extension.bindings.method = jbossmodule > > ovirt.engine.extension.binding.jbossmodule.module = > > org.ovirt.engine-extensions.aaa.ldap > > ovirt.engine.extension.binding.jbossmodule.class = > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > > ovirt.
[ovirt-users] oVirt power management issue
Hi, We're trying to set up an oVirt configuration with an oVirt-controller (CentOS 6), iSCSI-storage (Dell MD3200i) and 3 vm-hosts (CentOS 7) powered by 2 APC PDUs. Testing the Power Management settings in the web GUI, we get the following message: "Test Succeeded, unknown." The oVirt engine log outputs the following: 2014-12-05 11:23:00,872 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: Host vm-02 from data center was chosen as a proxy to execute Status command on Host vm-03. 2014-12-05 11:23:00,879 INFO [org.ovirt.engine.core.bll.FenceExecutor] (ajp--127.0.0.1-8702-7) Using Host vm-02 from data center as proxy to execute Status command on Host 2014-12-05 11:23:00,904 INFO [org.ovirt.engine.core.bll.FenceExecutor] (ajp--127.0.0.1-8702-7) Executing Power Management command, Proxy Host:vm-02, Agent:apc, Target Host:, Management IP:***.***.***.***, User:apc, Options:, Fencing policy:null 2014-12-05 11:23:00,930 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.FenceVdsVDSCommand] (ajp--127.0.0.1-8702-7) START, FenceVdsVDSCommand(HostName = vm-02, HostId = 071554fc-eed2-4e8f-b6bc-041248d0eaa5, targetVdsId = 67c642ed-0a7a-4e3b-8dd6-32a36df4aea9, action = Status, ip = ***.***.***.***, port = , type = apc, user = apc, password = **, options = '', policy = 'null'), log id: 2803522 2014-12-05 11:23:01,137 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: Power Management test failed for Host vm-03.Done 2014-12-05 11:23:01,138 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.FenceVdsVDSCommand] (ajp--127.0.0.1-8702-7) FINISH, FenceVdsVDSCommand, return: Test Succeeded, unknown, log id: 2803522 2014-12-05 11:23:01,139 WARN [org.ovirt.engine.core.bll.FenceExecutor] (ajp--127.0.0.1-8702-7) Fencing operation failed with proxy host 071554fc-eed2-4e8f-b6bc-041248d0eaa5, trying another proxy... 2014-12-05 11:23:01,241 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: Host vm-01 from data center was chosen as a proxy to execute Status command on Host vm-03. 2014-12-05 11:23:01,244 INFO [org.ovirt.engine.core.bll.FenceExecutor] (ajp--127.0.0.1-8702-7) Using Host vm-01 from data center as proxy to execute Status command on Host 2014-12-05 11:23:01,246 INFO [org.ovirt.engine.core.bll.FenceExecutor] (ajp--127.0.0.1-8702-7) Executing Power Management command, Proxy Host:vm-01, Agent:apc, Target Host:, Management IP:***.***.***.***, User:apc, Options:, Fencing policy:null 2014-12-05 11:23:01,273 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.FenceVdsVDSCommand] (ajp--127.0.0.1-8702-7) START, FenceVdsVDSCommand(HostName = vm-01, HostId = c50eb9bf-5294-4d46-813d-7adfcb41d71d, targetVdsId = 67c642ed-0a7a-4e3b-8dd6-32a36df4aea9, action = Status, ip = ***.***.***.***, port = , type = apc, user = apc, password = **, options = '', policy = 'null'), log id: 2b00de15 2014-12-05 11:23:01,449 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: Power Management test failed for Host vm-03.Done 2014-12-05 11:23:01,451 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.FenceVdsVDSCommand] (ajp--127.0.0.1-8702-7) FINISH, FenceVdsVDSCommand, return: Test Succeeded, unknown, log id: 2b00de15 This is the vdsm.log output: JsonRpc (StompReactor)::DEBUG::2014-12-05 11:34:05,065::stompReactor::98::Broker.StompAdapter::(handle_frame) Handling message JsonRpcServer::DEBUG::2014-12-05 11:34:05,067::__init__::504::jsonrpc.JsonRpcServer::(serve_requests) Waiting for request Thread-24996::DEBUG::2014-12-05 11:34:05,069::API::1188::vds::(fenceNode) fenceNode(addr=***.***.***.***,port=,agent=apc,user=apc,passwd=,action=status,secure=False,options=,policy=None) Thread-24996::DEBUG::2014-12-05 11:34:05,069::utils::738::root::(execCmd) /usr/sbin/fence_apc (cwd None) Thread-24996::DEBUG::2014-12-05 11:34:05,131::utils::758::root::(execCmd) FAILED: = "Failed: You have to enter plug number or machine identification\nPlease use '-h' for usage\n"; = 1 Thread-24996::DEBUG::2014-12-05 11:34:05,131::API::1143::vds::(fence) rc 1 inp agent=fence_apc ipaddr=***.***.***.*** login=apc action=status passwd= out [] err ['Failed: You have to enter plug number or machine identification', "Please use '-h' for usage"] The 'port' and 'options' fields show up as empty, even if we enter '22' or 'port=22'. We did enter the slot number as well. Entering the fence_apc command manually, we get: fence_apc -a ***.***.***.*** -l apc -p ** -o status -n 1 -x Status: ON Anyone have an
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hi! You have the following errors: 2014-12-05 09:32:31,778 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authn' 2014-12-05 09:32:31,819 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authn': /aaa/siee.properties (No such file or directory) 2014-12-05 09:32:31,823 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authz' 2014-12-05 09:32:31,824 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authz': /aaa/siee.properties (No such file or directory) Per my last message, you should provide absolute file names if you use 3.5.0. Please see inline comments bellow. Also, you are trying to authenticate with the legacy provider: 2014-12-05 09:33:04,871 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server Can you please use engine-manage-domains to remove the legacy (old) domain, so we reduce confusion? Thanks! - Original Message - > From: "Juan Jose" > To: "Alon Bar-Lev" > Cc: "Ondra Machacek" , "Yair Zaslavsky" > , users@ovirt.org > Sent: Friday, December 5, 2014 10:43:01 AM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Alon, > > I have done what you have said. My new configuration files are: > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > ovirt.engine.extension.name = siee-local-authn > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn > ovirt.engine.aaa.authn.profile.name = siee > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > config.profile.file.1 = aaa/siee.properties should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1. > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > ovirt.engine.extension.name = siee-local-authz > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = aaa/siee.properties should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or can be ../aaa/siee.properties in 3.5.1. > > /etc/ovirt-engine/extensions.d/aaa/siee.properties: > > include = > > # > # Active directory domain name. > # > vars.domain = siee.local > > # > # Search user and its password. > # > vars.user = searcher@${global:vars.domain} > vars.password = xxx > > # > # Optional DNS servers, if enterprise > # DNS server cannot resolve the domain srvrecord. > # > #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain} > > pool.default.serverset.type = srvrecord > pool.default.serverset.srvrecord.domain = ${global:vars.domain} > pool.default.auth.simple.bindDN = ${global:vars.user} > pool.default.auth.simple.password = ${global:vars.password} > > # Uncomment if using custom DNS > #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url > = ${global:vars.dns} > #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} > > # Create keystore, import certificate chain and uncomment > # if using ssl/tls. > #pool.default.ssl.startTLS = true > #pool.default.ssl.truststore.file = > ${local:_basedir}/${global:vars.domain}.jks > #pool.default.ssl.truststore.password = changeit > > After reconfigure my files with ovirt-engine stopped I have started > ovirt-engine and I have tried to log in. The error persist, > "General command validation failure." and after that I have stopped > ovirt-engine again. I attach my engine.log file. > > Many thanks again, > > Juanjo. > > > On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev wrote: > > > > > > > - Original Message - > > > From: "Juan Jose" > > > To: "Alon Bar-Lev" >
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
Hello Alon, I have done what you have said. My new configuration files are: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties /etc/ovirt-engine/extensions.d/siee-local-authz.properties: ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = aaa/siee.properties /etc/ovirt-engine/extensions.d/aaa/siee.properties: include = # # Active directory domain name. # vars.domain = siee.local # # Search user and its password. # vars.user = searcher@${global:vars.domain} vars.password = xxx # # Optional DNS servers, if enterprise # DNS server cannot resolve the domain srvrecord. # #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} # Uncomment if using custom DNS #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns} #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks #pool.default.ssl.truststore.password = changeit After reconfigure my files with ovirt-engine stopped I have started ovirt-engine and I have tried to log in. The error persist, "General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file. Many thanks again, Juanjo. On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev wrote: > > > - Original Message - > > From: "Juan Jose" > > To: "Alon Bar-Lev" > > Cc: "Ondra Machacek" , "Yair Zaslavsky" < > yzasl...@redhat.com>, users@ovirt.org > > Sent: Tuesday, December 2, 2014 3:48:54 PM > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > Hello Alon and everybody, > > > > I have installed package ovirt-engine-extension-aaa-ldap and configure my > > files as the documentation says. The files are: > > > > /etc/ovirt-engine/extensions.d/siee.local-authn.properties: > > > > ovirt.engine.extension.name = siee.local-authn > > ovirt.engine.extension.bindings.method = jbossmodule > > ovirt.engine.extension.binding.jbossmodule.module = > > org.ovirt.engine-extensions.aaa.ldap > > ovirt.engine.extension.binding.jbossmodule.class = > > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > ovirt.engine.extension.provides = > org.ovirt.engine.api.extensions.aaa.Authn > > ovirt.engine.aaa.authn.profile.name = siee.local > > ovirt.engine.aaa.authn.authz.plugin = siee.local-authz > > config.profile.file.1 = aaa/siee.local.properties > > please use absolute file name for 3.5.0 relative will be available in 3.5.1 > > > > > /etc/ovirt-engine/extensions.d/siee.local-authz.properties: > > > > ovirt.engine.extension.name = siee.local-authz > > ovirt.engine.extension.bindings.method = jbossmodule > > ovirt.engine.extension.binding.jbossmodule.module = > > org.ovirt.engine-extensions.aaa.ldap > > ovirt.engine.extension.binding.jbossmodule.class = > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > > ovirt.engine.extension.provides = > org.ovirt.engine.api.extensions.aaa.Authz > > config.profile.file.1 = aaa/siee.local.properties > > please use absolute file name for 3.5.0 relative will be available in 3.5.1 > > > > > > /etc/ovirt-engine/extensions.d/aaa/siee.local.properties: > > > > include = > > > > # > > # Active directory domain name. > > # > > vars.domain = siee.local > > > > # > > # Search user and its password. > > # > > vars.user = juanjo@${global:vars.domain} > > vars.password = > > this should be dedicate user for search not your private user. > > > > > # > > # Optional DNS servers, if enterprise > > # DNS server cannot resolve the domain srvrecord. > > # > > #vars.dns = dns://dc1.${global:vars.domain} > dns://dc2.${global:vars.domain} > > > > pool.default.serverset.type = srvrecord > > pool.default.serverset.srvrecord.domain = ${global:vars.domain} > > pool.default.auth.simple.bindDN = ${global:var